The Time for iVote Has Come

Published April 9, 2020 by Geoff Perlman

While we all hope that the current pandemic will soon pass, it is prudent that we prepare for the possibility that it will not. That means we have to start thinking about how we will hold elections. Some countries already allow for Internet voting. Here in the US, we do not. It’s looking increasingly unlikely that the pandemic will safely allow voters to go to the polls as usual. Think about the long lines we see every election. Now imagine that with social distancing rules in place. Imagine how long it would take to wipe down every voting machine between voters. With that in mind we all must begin preparing for an alternative way to vote.

Many believe that the solution is simply voting by mail. That’s certainly a possibility. In the last presidential election, 36% of voters voted by non-traditional means, according to a Pew Research poll. Residents of Colorado, Hawaii, Oregon, Utah and Washington vote this way regularly. Each voter is mailed a ballot in advance and can then mail it back with a tracking number so they know when it arrives at the collection point, or take it to a local drop-off point. Whether or not it’s realistic to nearly triple voting by mail is unclear. One of the things that could make it work is people voting early, which allows the processing of paper ballots to be stretched out over a longer, more manageable period. The system some states are using at least allows you to vote by mail and track your vote. However, once it arrives at the collection point, it’s no more secure than it ever has been.

The other challenge with voting by mail is that not all states currently allow it. Many require the voter to provide an adequate explanation as to why they need to vote by mail. Allowing federal elections to be held by mail would require a federal mandate and the political will to do so, which does not seem to exist today.

Fortunately, there is a simpler way. We can vote online, via the Internet, using a system that puts verification in the hands of each and every voter. The word I have chosen for this is iVote. iVote would be a smartphone app (that yes, could be written in Xojo) that connects to the iVote Server (really a large array of servers) that would then count the votes. Not everyone will be able or expected to use iVote, and for those who can’t or won’t, voting by mail should be an acceptable alternative. For those willing to consider iVote, let’s look at the challenges of doing so and see how we can address them:

We must ensure that a voter cannot be scammed into not voting or believing they are voting when in fact they are not.

We must ensure the user is an eligible voter.

We must ensure that the application has no known security issues.

We must ensure that the voter can have confidence that their vote made it to the place where it will be counted.

We must ensure that the voter cannot show others proof of how they voted. We don’t allow this today so we certainly should not allow it with iVote.

We must ensure that the votes are stored on servers in a secure way that will prevent them from being altered or deleted.

Should a server be compromised or fail entirely, there must be a backup system upon which we can rely just as voting machines produce a paper backup today.

Ensuring voters cannot be scammed

We don’t want voters to be scammed into using the wrong app. This is actually an easier problem to solve than it might first seem. If we limit iVote to being only a smartphone app, Apple and Google can both ensure that the official app is prominently displayed and refuse apps that appear to be misleading users. They can also ensure that the app really does only connect to the servers to which it claims to connect. Doing this with a desktop or web app would be far more challenging. Then it simply becomes a marketing campaign to make sure voters understand how to easily get the legitimate app.

Ensure that only eligible voters can vote

The Registrar of Voters maintains the list of eligible voters. They could mail each voter a unique QR code that would be required by the app to allow the user to vote. Each QR code could be made of such length and complexity as to make fraud impractical. To begin the voting process, the user would use the iVote app to scan the QR code to authenticate that they are an eligible voter. This letter could also remind them where to get the iVote app of course.

In theory, someone could break into your mailbox (committing a crime in the process); however, our current system with mail-in ballots suffers from this weakness today. The reality is that those attempting to influence elections don’t tend to go after individuals. That’s completely impractical.

Ensure the iVote app has no known security problems

This one’s easy. The iVote app should be open source so that anyone can examine the code and report any security concerns. Open source means that any programmer could recompile the source that was claimed to be the version that went into the officially released app and then compare that version with the version in the app to make sure they are the same.

Ensure the voter can be confident their vote will be counted

I’ll first point out that today you have no way of knowing that your vote ever made it beyond the polling location and was in fact counted. Nor can you be sure that when votes are totaled and aggregate counts are transmitted, that data has not been tampered with. Having said that, iVote can provide you with far more confidence than today’s solution. First, your vote would be encrypted with the iVote Server’s public key. For those of you not familiar with how public/private keys work, a public key provides a way to encrypt data such that only the holder of the private key can decrypt it. The iVote app could therefore encrypt your vote, then send it to the iVote Server, which would be able to decrypt it in order to count your vote. If your vote ever fell into the wrong hands it would be useless as, without the private key, it can’t be decrypted.

After your vote is encrypted, the iVote app would make a cryptographically secure hash of your encrypted vote and store it on your phone. A hash is a one-way function: you can compute it from the data, but you cannot recover the data from it. What’s the point of that? Well, the same data always produces the same hash. That means that at any time, the iVote app could give you as a voter the ability to verify that your vote arrived at the iVote Server and has not been tampered with. Basically, the iVote app would ask the iVote Server for a hash of your vote as it is stored. The server would send that hash back to the iVote app on your phone, where the app could then compare it with its own copy. If they match, you know the iVote Server has the same vote you sent it. If they don’t, your vote has been tampered with.

Should iVote discover your vote missing or tampered with, it could alert you and ask you if you’d like to resubmit your vote, sending a pristine copy of your original encrypted vote to the iVote Server. With potentially millions of people occasionally reverifying their votes, manipulating votes on the server becomes impractical.
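The verify-and-resubmit check described above, sketched in Python as an added example (not code from the original post or from any iVote implementation). The `BallotServer` and `VoterApp` classes and the `ballot_id` lookup key are hypothetical, and the encrypted vote is a constructed placeholder standing in for the output of the public-key encryption step.

```python
import hashlib
import hmac

def digest(ciphertext: bytes) -> str:
    """SHA-256 of the encrypted vote; the value the app keeps on the phone."""
    return hashlib.sha256(ciphertext).hexdigest()

class BallotServer:
    """Stand-in for the iVote Server's vote store (hypothetical interface)."""
    def __init__(self):
        self.store = {}                      # ballot_id -> encrypted vote

    def submit(self, ballot_id: str, ciphertext: bytes) -> None:
        self.store[ballot_id] = ciphertext

    def stored_digest(self, ballot_id: str):
        # Hash the record as it is stored now, not a value cached at submission.
        ct = self.store.get(ballot_id)
        return None if ct is None else digest(ct)

class VoterApp:
    """Phone side: keeps the pristine encrypted vote and its hash."""
    def __init__(self, ballot_id: str, ciphertext: bytes):
        self.ballot_id = ballot_id
        self.ciphertext = ciphertext
        self.local_digest = digest(ciphertext)

    def verify(self, server: BallotServer) -> str:
        remote = server.stored_digest(self.ballot_id)
        if remote is None:
            return "missing"
        # Constant-time comparison of the two hex digests.
        same = hmac.compare_digest(remote, self.local_digest)
        return "ok" if same else "tampered"

    def verify_or_resubmit(self, server: BallotServer) -> str:
        status = self.verify(server)
        if status != "ok":
            server.submit(self.ballot_id, self.ciphertext)  # restore pristine copy
        return status

def demo() -> list:
    # Constructed sample: opaque bytes standing in for an encrypted vote.
    app = VoterApp("ballot-0001", b"constructed-ciphertext-placeholder")
    server = BallotServer()
    server.submit(app.ballot_id, app.ciphertext)
    results = [app.verify(server)]                     # stored intact
    server.store[app.ballot_id] = b"altered-record"    # simulate alteration
    results.append(app.verify_or_resubmit(server))     # detected, resubmitted
    del server.store[app.ballot_id]                    # simulate loss
    results.append(app.verify_or_resubmit(server))     # detected, resubmitted
    results.append(app.verify(server))                 # restored
    return results
```

The comparison covers only what the server reports, so it assumes the server hashes the same record it later decrypts and counts.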

Ensure that voters can’t show proof of how they voted

We don’t allow this today. We don’t provide an official record that shows how you voted because we don’t want voters selling their votes. The iVote app should be no exception. As I mentioned before, once you submit your vote, it’s encrypted with the iVote Server’s public key. While an encrypted copy of your vote is stored on your phone, there’s no way for you to decrypt it. So there would be no way to show anyone else how you voted and therefore no way to sell your vote.

Ensure that votes are stored securely on the iVote Server

It’s important to remember that our current system is not very secure. Security experts who point to servers as the single point of failure when it comes to electronic voting are failing to consider that voting today consists largely of votes recorded electronically and even when they are not, aggregate voting totals are stored and transmitted electronically. So we are already voting electronically. The difference with iVote is that the votes are each stored encrypted and are delivered to the server by the user. There’s no intermediary making it a far more secure system than the one we have today. And again, each voter can verify their vote at any time.

Ensure that should an iVote Server be damaged or hacked, the votes can be restored

First, each server would no doubt be part of an array of servers so that your vote is immediately duplicated to another server as a backup. There’s a lot we can do to make sure servers are secure and backups maintained. However, even if somehow all of these servers were lost, your phone would have an encrypted copy of your vote which could be resubmitted to the iVote Server if necessary.

Why aren’t we doing this already?

As I mentioned before, there are many that claim it can’t be made secure enough. I believe I have successfully made the point that such a system would be at least as secure as the one we have today but almost certainly more secure. Given this isn’t hard to figure out, why do some continue to claim that it is a bad idea? Many have gone on record saying that if voting is easy, they won’t be able to win an election. They are effectively relying upon voter suppression to win. That’s not representative government. It’s disenfranchisement. This is another important reason why voting must be made easier. Because regardless of your politics, those that represent the population in government should be a reflection of that voting population. When they are not, society begins to break down.

Summary

There are of course other benefits to iVote. Results can be tabulated faster and more accurately. Voter suppression would not be an issue. In fact, iVote would likely help increase voter turnout. The app could also provide information on the candidates and issues.

Creating the iVote app and iVote Server to allow us to vote electronically is not particularly challenging. It involves technology that is well-known, reliable and secure. iVote would mean that voters would be able to vote without risking getting sick or making others sick. It also simply makes it easier for people to vote. They don’t have to take time off of work or stand in long lines at polling locations. This is something we should have done a long time ago to encourage voting by making it easier to vote. Today, while living with the new normals of a pandemic, iVote is a moral imperative.